Monday, 29 April 2013 22:33

Active Disassembly

Active disassembly analyses code behaviour at runtime, and uses that information to build a more accurate disassembly than is possible using traditional "static" disassemblers.

Structures that traditionally thwart disassemblers such as jump tables can be detected by active disassembly, with unexplored code paths traversed through these barriers. Embedded data can also be analysed and grouped into logical elements based on how and where it is used, and offsets to code and data can be detected and correctly formatted, so that changes can be made to the disassembled code without breaking offset references.